2017’s Most Surprising Data Threat Report Results
This is the second in our series on 2017 Data Threats – Read the initial post on “The Big Disconnect” here.
In the just-released 2017 Thales Data Threat Report – Global Edition, developed by Thales with 451 Research, we had some surprising results in the data. Some of these surprises were around new environments – our results around Containers were one of these – while others stressed just how much most enterprises HAVE NOT changed what they are doing, in spite of changes in the threat landscape that their organizations are encountering and the continued increase in rates of data breaches, which is one of the prime results.
Let’s start with one of the results that shows how much organizations have not changed their approach – increases in IT Security spending. What we found is a continued reliance on network and endpoint security to protect data, even though these defenses are no longer 100% effective in protecting organizations against attackers out to steal data. The sad fact is that these defenses are now porous, and that they can no longer stay ahead of changes to attacks. It’s not that they aren’t necessary. They continue to be a critical part of what organizations need to safeguard their business, but organizations now need to take into account that even the most advanced network, IPS/IDS or anti-virus solution is not going to keep them completely safe, and act accordingly. Security controls need to be prioritized with this new reality in mind, and changes made accordingly. Tools that help to prevent access to sensitive data internally, that identify unauthorized data access activities, and that keep the data from being useful once it has been identified and exported should now have at least equivalent priority.
Another surprise was how much a global focus on data residency and data sovereignty is affecting organizations in the U.S. as well as in the rest of the world. If you work for a global enterprise in IT Security, you are probably already aware of new requirements in the works from Europe in the form of the General Data Protection Regulation (GDPR). GDPR comes into force in May of 2018, and is already causing disruption because it takes the penalties for personal data loss to a new level, with fines of up to 4% of global gross sales a possibility. Brazil, Mexico and Japan are also implementing or considering stronger controls for personal data. This year, 72% of our global sample of enterprise IT security professionals said that these new initiatives are having a real effect on their operations, with identical rates of 75% in the U.S. and U.K. (that was really unexpected), and the lowest rate measured in Japan at 56%.
Last are two results from the area of advanced technologies – one for Containers (think Docker) and another for Cloud.
We were really surprised this year both by the high adoption rates for containers with production applications and by the prevalence of sensitive data within these environments. In my last post, you’ll find that 63% of those surveyed were concerned that their organizations were deploying sensitive data to Cloud, IoT, Containers and Big Data environments without having data security in place. With 40% of enterprises already deploying containers, and almost 20% deploying critical applications there, the rate of adoption for containers, from a standing start in March of 2013 when Docker was released, is a phenomenal change.
The second surprise in advanced technologies was the strong focus on cloud security-related controls. For the first time, 4 of the 5 top data security controls planned to be implemented in the next 12 months are cloud-related.
Next week, I’ll take one more look into the details of these results with a look at the biggest global differences we found.